Phil Zimmerman, the author of “Pretty Good Privacy” was in the news recently, talking about the usage of consumer email and the threats posed by the collection of vast amounts of metadata.

First of all, what is PGP?

PGP stands for “Pretty Good Privacy,” an email encryption program that has two uses. “First, it is an encryption system that uses public-key cryptography. Each user has a public key and a private key. In simple terms, you can encrypt a message using someone’s public key and they can decrypt it using their private key. (A one-off session key is actually involved.) If the private key has been kept truly private, no one else can read the message. More commonly, PGP is used to create a digital signature based on the contents of an email. This enables the recipient to verify that the message has not been changed, using the sender’s public key.” (Schofield, J. 2007 May 24 – Pretty Good Privacy with PGP, The Guardian)

Average consumer email, however, does not have these security protocols to protect the privacy of those in communication with each other. In fact, anyone with the technical know-how has the ability to obtain passwords and read any and all of someone’s email without anyone knowing.

But all they’re collecting is the metadata, right?

Well, maybe. But even though metadata (technical definition: data about data) doesn’t reveal the details of particular conversations, just the metadata itself, collected in large amounts, paints an overall picture of who you’re talking to and when, how often, how long, and more.

Here are the types of information that’s being collected by the companies that host these services, and the governments that these companies operate under:

Metadata associated with emails:

Sender’s name, email, and IP address

Recipient’s name and email address

Date, time, and time zone

Unique identifier of email and related emails

Mail client login records with IP address

Mail client header formats

Subject of email

Metadata associated with mobile phones:

Phone number of every caller

Serial numbers of phones involved

Time of call

Duration of call

Location of each participant

Telephone calling card numbers

Metadata associated with Facebook:

Username and profile bio information including birthday, hometown, work history, and interests

As you can see, the aggregate of these parts of information gets pieced together into a whole, as simply as a computer-generated puzzle. This is especially important in some areas such as corporate communications and journalism, where the privacy of sources is essential to inform the public of the things they need to know about to make informed decisions in their everyday public and private lives.

These risks to privacy and the security that is so vital to business and personal conversations led Bugged.com‘s friend Phil Zimmermann “to develop a new feature for his Silent Phone app, encrypting conversations earlier in the call process. Dubbed “tunnelling”, the feature hides the knowledge of who is talking to who from any eavesdroppers. Zimmermann had the idea for the feature ‘quite a few months before the Edward Snowden revelations’, but its upcoming release will be timely.” (Hern, A. 2013 Sept 30 – Email surveillance could reveal journalists’ sources, expert claims. The Guardian)

Help

What you need to know

Michael Peros, Founder and Chief Technical Officer at Bugged.com trained with a top CIA spy to get the abilities and experience that he uses in Bugged.com today. He manages all his teams, ensuring they all have adequate training and experience, constantly staying up to date with new trends and equipment. This is information we use to ensure that we provide all our customers with the highest level of service at all times.